package cn.jy.boot.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/pro")
//@Secured(value = "ROLE_productManager") //角色的名字必须加 ROLE_ 前缀
//.antMatchers("/pro/**").hasRole("productManager")
@PreAuthorize("hasRole('productManager')") //角色的名字不需要加 ROLE_ 前缀
//@PreAuthorize("hasAnyRole('productManager','userAdmin')") //角色的名字不需要加 ROLE_ 前缀
//.antMatchers("/pro/**").hasAnyRole("userAdmin","productManager")
public class ProductController {

    @RequestMapping("/add")
    public String productAdd(){
        return"product add";
    }

    @RequestMapping("/remove")
    public String proRemove(){
        return"product Remove";
    }

    @Secured("ROLE_productManager")
    //.antMatchers("/list").hasRole("productManager")
    @RequestMapping("/list")
    public String proList(){
        return"product List";
    }

}
